ACL's

Hi,

    while  writing  the  chapter  about  Rules  and permissions I
    remember that there was a problem with non privileged  users.
    As  soon  as  someone without superuser privs does a GRANT or
    REVOKE on his relations, he must GRANT explicitly to  himself
    too  or  will  get  a  "permission denied". I think since the
    table owner allway  has  the  right  to  change  ACL's,  this
    doesn't  make sense. I'll dig it up and send in a patch soon.

    While doing this, should I exclude RULE permission from GRANT
    ALL?  I think it's dangerous to have it included, because the
    usual way to give full access is  a  GRANT  ALL  and  someone
    might  forget  that  this  includes the right to disable rule
    actions for a moment. The output of pg_rules gives anyone the
    knowledge to reinstall the correct rules after. An explicitly
    required GRANT RULE is better IMHO. And the RULE right  isn't
    standard, is it?


Jan

--

#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me.                                  #
#======================================== jwieck@debis.com (Jan Wieck) #